About

Take On Payments, a blog sponsored by the Retail Payments Risk Forum of the Federal Reserve Bank of Atlanta, is intended to foster dialogue on emerging risks in retail payment systems and enhance collaborative efforts to improve risk detection and mitigation. We encourage your active participation in Take on Payments and look forward to collaborating with you.

March 04, 2013

Who Am I? Authentication Challenges

It's tax time again. I dread this time of year. It's not just because I don't like paying taxes—who does? It's because I am always a little nervous as a result of an experience my husband once had. Some years ago, my husband was the victim of identity theft and, every so often, we are forced to confront another attempted assault on our finances. We became aware of another assault two years ago when we attempted to file our federal tax return electronically and it was rejected. The IRS already had a record of a processed return under my husband's Social Security number (SSN). For now, we file our returns the old-fashioned way, printing and mailing them.

Juxtapose that low-tech solution against the high-tech approach that fraudsters use. Using ill-gotten SSNs, names, and birth dates, these identity thieves electronically file fraudulent returns as early as possible. They then nab the refunds quickly, either through receipt of a prepaid debit card from the IRS or through direct deposit into a bank account specifically used for obtaining the fraudulent refund, which they immediately cash out.

Filing of fraudulent tax returns has reached epidemic proportions. In 2012, a Treasury Inspector General for tax administration testified before Congress that the IRS detected and stopped almost one million fake returns for 2010, totaling $6.5 billion.

In recent years, the government, through legislation, has encouraged use of other identification methods and greater care in the storing and sharing of SSNs and other personally identifiable information. However, the SSN remains the preferred identification method. Knowing that criminals and taxes will never disappear, the issue then is with the authentication—that is, checking identity at the door.

The IRS is being proactive by requiring taxpayers to supply additional information. Perhaps the agency could use the same technology to combat the criminals that the criminals are using to initiate the crime. A recent Portals and Rails post looked at "Big Data" and discussed how financial institutions can profile consumer behavior to detect fraud. Could the IRS use Big Data techniques to help detect tax returns that seemingly have fraudulent characteristics? For example, the IRS could flag early filings, understanding that historically a particular filer's W-2 information is not available until as late as the end of March. However, the post also discussed the question of when data collection and behavior profiling crosses the line from marketing opportunities to privacy invasion, an issue the IRS would have to consider.

The integrity of mobile payments, online banking, card payments, and any other form of electronic payment rely on the authentication of the payer. Many authentication methods in the payments world are by necessity pretty sophisticated. But criminals are finding ways to compromise these methods, too. As we move headlong into the world of digital payments, proving genuine identity, or authentication, is vital.

By Mary Kepler, vice president and director of the Retail Payments Risk Form at the Atlanta Fed

Comments

Post a comment

Please submit appropriate comments. Inappropriate comments include content that is abusive, harassing, or threatening; obscene, vulgar, or profane; an attack of a personal nature; or overtly political.